Hi Dan and others
You may be interested in
http://jena.sourceforge.net/test/grddl/
Three of these tests explore security issues.
I would like the jena implementation to refuse to honour the document()
function at all, and disable some 'unsafe' XSLT2 features.
Unfortunately my code currently is failing those three security tests :(
I think that delays the first release.
I will be adding more tests as needed.
Jeremy